The driver for the video recording app v4l2 is where the vulnerability was discovered. When unauthorized users gain the access to place low-privileged code on a mobile device, they can take advantage of the vulnerability to elevate their privileges. Following the obtainment of these privileges, the attacker can load malicious applications and take over the device completely. The severity of this vulnerability has been rated a 7.8 out of 10. It should be known that this will not allow attackers to remotely break into users’ phones and that local access is required to carry out their malicious activities. Apparently, the vulnerability was reported to Google back in March and they promised a patch, but one never came. Since Google chose not to address the vulnerability, the researchers who discovered it decided to go public with the details of their discovery.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased